Analysis
-
max time kernel
91s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
14-03-2022 15:00
Static task
static1
Behavioral task
behavioral1
Sample
c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe
Resource
win10v2004-en-20220113
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe
-
Size
552KB
-
MD5
2a3415ff37c6f1b5513c9b0c2195b9c4
-
SHA1
37ac33429ba6e0391e8dab7dd1ca350801110b74
-
SHA256
c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0
-
SHA512
278900181fa9a80a4d30fb34d7b0e4829c57694bee3d693e3714a4eaf1ca62d5c6310f230064b7d443b356c5a30089ff566afa11d3f2256a16ca736c6a6d928a
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes: c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe, fondue.exe
description | pid | process | target process
PID 1012 wrote to memory of 3876 | 1012 | c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe | fondue.exe
PID 1012 wrote to memory of 3876 | 1012 | c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe | fondue.exe
PID 1012 wrote to memory of 3876 | 1012 | c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe | fondue.exe
PID 3876 wrote to memory of 3772 | 3876 | fondue.exe | FonDUE.EXE
PID 3876 wrote to memory of 3772 | 3876 | fondue.exe | FonDUE.EXE
Processes
-
C:\Users\Admin\AppData\Local\Temp\c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe "C:\Users\Admin\AppData\Local\Temp\c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1012 -
C:\Windows\SysWOW64\fondue.exe "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll 2⤵
- Suspicious use of WriteProcessMemory
PID:3876 -
C:\Windows\system32\FonDUE.EXE "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll 3⤵
PID:3772